---
- name: deploy Open Stack controler
  hosts: fed-cloud09.cloud.fedoraproject.org
  user: root
  sudo: yes
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - /srv/web/infra/ansible/vars/fedora-cloud.yml
   - "{{ private }}/files/openstack/passwords.yml"

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"
    vars:
      root_auth_users: msuchy

  - name: Set the hostname
    action: hostname name=fed-cloud09.cloud.fedoraproject.org

  - name: install core pkgs
    action: yum state=present pkg={{ item }}
    with_items:
    - libselinux-python
    - ntp
    - wget
    - scsi-target-utils
    - lvm2
    - iptables-services
    - ansible-openstack-modules

  - name: disable selinux
    action: selinux policy=targeted state=permissive

  - service: name=tgtd state=started enabled=yes

  - command: vgrename vg_guests cinder-volumes
    ignore_errors: yes
 
  - lvg: vg=cinder-volumes pvs=/dev/md127 pesize=32 vg_options=''

  - template: src={{ files }}/fedora-cloud/hosts dest=/etc/hosts owner=root mode=0644

  - stat: path=/etc/packstack_sucessfully_finished
    register: packstack_sucessfully_finished

  - name: add ssl cert
    copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/tls/certs/fed-cloud09.pem mode=600 owner=root group=root

  - name: add ssl key
    copy: src={{ private }}/files/openstack/fed-cloud09.key dest=/etc/pki/tls/private/fed-cloud09.key mode=600 owner=root group=root

  # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-networking.html
  - service: name=NetworkManager state=stopped enabled=no
  - service: name=network state=started enabled=yes
  - service: name=firewalld state=stopped enabled=no
    ignore_errors: yes
  - service: name=iptables state=started enabled=yes

  # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
  - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^ONBOOT=" line="ONBOOT=yes"
  # only for first run
  - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^NETMASK=" line="NETMASK=255.255.255.0"
    when: packstack_sucessfully_finished.stat.exists == False
  - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="^IPADDR=" line="IPADDR={{controller_private_ip}}"
    when: packstack_sucessfully_finished.stat.exists == False
  - lineinfile: dest=/etc/sysconfig/network-scripts/ifcfg-eth1 regexp="BOOTPROTO=" line="BOOTPROTO=none"
  - template: src={{files}}/fedora-cloud/ifcfg-br-ex dest=/etc/sysconfig/network-scripts/ifcfg-br-ex owner=root mode=0644
    when: packstack_sucessfully_finished.stat.exists == False
  # FIXME notify network service restart, eth1 must be up and configured

  # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-ntp.html
  - service: name=ntpd state=started enabled=yes

  # Try moving the yum lines before the mysql
  - yum: state=present name=https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm
  - yum: state=present name=http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
  - yum: state=present name=openstack-utils
  - yum: state=present name=openstack-selinux
  - yum: state=present name=openstack-packstack
  - yum: state=present name=python-glanceclient
  - yum: name=* state=latest

  # FIXME - temporary workaround of https://bugzilla.redhat.com/show_bug.cgi?id=1164359
  - yum: state=present name=https://kojipkgs.fedoraproject.org//packages/openstack-puppet-modules/2014.2.4/1.fc22/noarch/openstack-puppet-modules-2014.2.4-1.fc22.noarch.rpm,https://kojipkgs.fedoraproject.org//packages/openstack-packstack/2014.2/0.7.dev1340.gd4df05a.fc22/noarch/openstack-packstack-puppet-2014.2-0.7.dev1340.gd4df05a.fc22.noarch.rpm,https://kojipkgs.fedoraproject.org//packages/openstack-packstack/2014.2/0.7.dev1340.gd4df05a.fc22/noarch/openstack-packstack-2014.2-0.7.dev1340.gd4df05a.fc22.noarch.rpm

  # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-database-controller.html
  - name: install mysql packages
    action: yum state=present pkg={{ item }}
    with_items:
    - mariadb-galera-server
    - MySQL-python
  - lineinfile: dest=/etc/my.cnf regexp="^bind-address" insertafter="^\[mysqld\]" line="bind-address = {{ controller_public_ip }}"
  - lineinfile: dest=/etc/my.cnf regexp="^default-storage-engine" insertafter="^\[mysqld\]" line="default-storage-engine = innodb"
  - lineinfile: dest=/etc/my.cnf regexp="^collation-server" insertafter="^\[mysqld\]" line="collation-server = utf8_general_ci"
  - lineinfile: dest=/etc/my.cnf regexp="^init-connect" insertafter="^\[mysqld\]" line="init-connect = 'SET NAMES utf8'"
  - lineinfile: dest=/etc/my.cnf regexp="^character-set-server " insertafter="^\[mysqld\]" line="character-set-server = utf8"
  - service: name=mysqld state=started enabled=yes
    # 'localhost' needs to be the last item for idempotency, see
    # http://ansible.cc/docs/modules.html#mysql-user
  - name: update mysql root password for localhost before setting .my.cnf
    mysql_user: name=root host=localhost password={{ DBPASSWORD }}
  - name: copy .my.cnf file with root password credentials
    template: src={{ files }}/fedora-cloud/my.cnf dest=/root/.my.cnf owner=root mode=0600
  - name: update mysql root password for all root accounts
    mysql_user: name=root host={{ item }} password={{ DBPASSWORD }}
    with_items:
      - "{{ controller_public_ip }}"
      - 127.0.0.1
      - ::1
  - name: copy .my.cnf file with root password credentials
    template: src={{ files }}/fedora-cloud/my.cnf dest=/root/.my.cnf owner=root mode=0600
  - name: delete anonymous MySQL server user for $server_hostname
    action: mysql_user user="" host="{{ controller_public_ip }}" state="absent"
  - name: delete anonymous MySQL server user for localhost
    action: mysql_user user="" state="absent"
  - name: remove the MySQL test database
    action: mysql_db db=test state=absent

  # http://openstack.redhat.com/Quickstart
  - template: src={{ files }}/fedora-cloud/packstack-controller-answers.txt dest=/root/ owner=root mode=0600
  - authorized_key: user=root key="{{ lookup('file', files + '/fedora-cloud/fed09-ssh-key.pub') }}"
  - command: packstack --answer-file=/root/packstack-controller-answers.txt
    when: packstack_sucessfully_finished.stat.exists == False
  - file: path=/etc/packstack_sucessfully_finished state=touch


  # configure cider with multi back-end
  # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Cloud_Administrator_Guide/section_manage-volumes.html
  - lineinfile: dest=/etc/cinder/cinder.conf regexp="^enabled_backends" insertafter="^#enabled_backends" line="enabled_backends=lvmdriver-1,equallogic-1"
  # LVM
  - command: openstack-config --set /etc/cinder/cinder.conf "lvmdriver-1" "volume_group" "cinder-volumes"
  - command: openstack-config --set /etc/cinder/cinder.conf "lvmdriver-1" "volume_driver" "cinder.volume.drivers.lvm.LVMISCSIDriver"
  - command: openstack-config --set /etc/cinder/cinder.conf "lvmdriver-1" "volume_backend_name" "LVM_iSCSI"
  # Dell EqualLogic - http://docs.openstack.org/trunk/config-reference/content/dell-equallogic-driver.html
  - command: openstack-config --set /etc/cinder/cinder.conf "equallogic-1" "volume_driver" "cinder.volume.drivers.eqlx.DellEQLSanISCSIDriver"
  - command: openstack-config --set /etc/cinder/cinder.conf "equallogic-1" "san_ip" "{{ IP_EQLX }}"
  - command: openstack-config --set /etc/cinder/cinder.conf "equallogic-1" "san_login" "{{ SAN_UNAME }}"
  - name: set password for equallogic-1
    command: openstack-config --set /etc/cinder/cinder.conf "equallogic-1" "san_password" "{{ SAN_PW }}"
  - command: openstack-config --set /etc/cinder/cinder.conf "equallogic-1" "eqlx_group_name" "{{ EQLX_GROUP }}"
  - command: openstack-config --set /etc/cinder/cinder.conf "equallogic-1" "eqlx_pool" "{{ EQLX_POOL }}"
  - service: name=openstack-cinder-api state=restarted
  - service: name=openstack-cinder-scheduler state=restarted
  - service: name=openstack-cinder-volume state=restarted

  # http://docs.openstack.org/trunk/install-guide/install/yum/content/glance-verify.html
  - file: path=/root/images state=directory
  - get_url: url=http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img dest=/root/images/cirros-0.3.2-x86_64-disk.img mode=0440
  - name: Add the cirros-0.3.2-x86_64 image
    glance_image:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      name=cirros-0.3.2-x86_64
      disk_format=qcow2
      is_public=True
      file=/root/images/cirros-0.3.2-x86_64-disk.img

  - name: create non-standard flavor
    action: shell source /root/keystonerc_admin && nova flavor-list | grep m1.builder || nova flavor-create m1.builder 6 5120 50 3

  #####  download common Images #####
  - get_url: url=http://download.fedoraproject.org/pub/fedora/linux/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.qcow2 dest=/root/images/Fedora-x86_64-20-20140407-sda.qcow2 mode=0440
  - get_url: url=http://download.fedoraproject.org/pub/fedora/linux/updates/19/Images/x86_64/Fedora-x86_64-19-20140407-sda.qcow2 dest=/root/images/Fedora-x86_64-19-20140407-sda.qcow2 mode=0440
  # RHEL6 can be downloaded from https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=16952
  # RHEL7 can be download from https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.0/x86_64/product-downloads
  - name: Add the images
    glance_image:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      name="{{ item.name }}"
      disk_format=qcow2
      is_public=True
      file="{{ item.file }}"
    with_items:
      - name: fedora-cloud-64-20-20140407
        file: /root/images/Fedora-x86_64-20-20140407-sda.qcow2
      - name: fedora-cloud-64-19-20140407
        file: /root/images/Fedora-x86_64-19-20140407-sda.qcow2
      # FIXME uncomment when you manualy download
      #- name: rhel-guest-image-6.5-20140630.0.x86_64
      #  file: /root/images/rhel-guest-image-6.5-20140630.0.x86_64.qcow2
      #- name: rhel-guest-image-7.0-20140618.1.x86_64
      #  file: /root/images/rhel-guest-image-7.0-20140618.1.x86_64.qcow2


  ##### PROJECTS ######
  - name: Create tenants
    keystone_user:
      login_user="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant="{{ item.name }}"
      tenant_description="{{ item.desc }}"
      state=present
    with_items:
      - { name: persistent, desc: "persistent instances" }
      - { name: qa, desc: "" }
      - { name: transient, desc: 'transient instances' }
      - { name: infrastructure, desc: "" }
      - { name: cloudintern, desc: 'project for the cloudintern under mattdm' }
      - { name: cloudsig, desc: 'Fedora cloud sig folks.' }
      - { name: copr, desc: 'Copr tenant for the buildsys' }
      - { name: pythonbots, desc: 'project for python build bot users - twisted, etc' }
      - { name: scratch, desc: 'scratch and short term instances' }


  ##### USERS #####
  # This is without passwdords. It has to be set either manually or via private.git
  # If username is  3 or less characters, use email for grep
  - name: Create users
    keystone_user:
      login_user="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      user="{{ item.name }}"
      email="{{ item.email }}"
      tenant="{{ item.tenant }}"
      state=present
    with_items:
      - { name: kevin, email: 'kevin@fedoraproject.org', tenant: infrastructure }
      - { name: laxathom, email: 'laxathom@fedoraproject.org', tenant: infrastructure }
      - { name: samkottler, email: 'samkottler@fedoraproject.org', tenant: infrastructure }
      - { name: puiterwijk, email: 'puiterwijk@fedoraproject.org', tenant: infrastructure }
      - { name: mattdm, email: 'mattdm@fedoraproject.org', tenant: infrastructure }
      - { name: tflink, email: 'tflink@fedoraproject.org', tenant: qa }
      - { name: copr, email: 'admin@fedoraproject.org', tenant: copr }
      - { name: twisted, email: 'buildbot@twistedmatrix.com', tenant: pythonbots }
      - { name: ausil, email: 'dennis@ausil.us', tenant: infrastructure }
      - { name: anthomas, email: 'anthomas@redhat.com', tenant: cloudintern }
      - { name: jskladan, email: 'jskladan@redhat.com', tenant: qa }
      - { name: gholms, email: 'gholms@fedoraproject.org', tenant: cloudintern }
      - { name: cockpit, email: 'walters@redhat.com', tenant: scratch }
      - { name: nb, email: 'nb@fedoraproject.org', tenant: infrastructure }
      - { name: pingou, email: 'pingou@pingoured.fr', tenant: infrastructure }
      - { name: codeblock, email: 'codeblock@elrod.me', tenant: infrastructure }
      - { name: msuchy, email: 'msuchy@redhat.com', tenant: copr }
      - { name: red, email: 'red@fedoraproject.org', tenant: infrastructure }
  #- template: src={{ files }}/fedora-cloud/keystonerc_msuchy dest=/root/ owner=root mode=0600
  #- shell: source /root/keystonerc_admin && keystone user-password-update --pass 'XXXX' msuchy


  ##### NETWORK ####
  # http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.configure-networks.html
  - name: Create en external network
    neutron_network:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      name=external
      router_external=True
      provider_network_type=flat
      provider_physical_network=floatnet
    register: EXTERNAL_ID
  - name: Create an external subnet
    neutron_subnet:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      name=external-subnet
      network_name=external
      cidr="{{ public_interface_cidr }}"
      allocation_pool_start="{{ public_floating_start }}"
      allocation_pool_end="{{ public_floating_end }}"
      gateway_ip="{{ public_gateway_ip }}"
      enable_dhcp=false
    register: EXTERNAL_SUBNET_ID
  - shell: source /root/keystonerc_admin && nova floating-ip-create external
    when: packstack_sucessfully_finished.stat.exists == False

  # 172.16.0.1/12 -- 172.21.0.1/12 - Free to take
  # 172.23.0.1/12 - free (but used by old cloud)
  # 172.24.0.1/12 - RESERVED it is used internally for OS
  # 172.25.0.1/12 - Cloudintern
  # 172.26.0.1/12 - infrastructure
  # 172.27.0.1/12 - persistent
  # 172.28.0.1/12 - transient
  # 172.29.0.1/12 - scratch
  # 172.30.0.1/12 - copr
  # 172.31.0.1/12 - Free to take

  # Cloudintern network
  - name: Create a router for Cloudintern
    neutron_router:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=cloudintern
      name=ext-to-cloudintern
    register: ROUTER_ID
  - name: Connect router's gateway to the external network
    neutron_router_gateway:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      router_name="ext-to-cloudintern"
      network_name="external"
  - name: Create a private network for cloudintern
    neutron_network:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=cloudintern
      name=cloudintern-net
  - name: Create a subnet in the cloudintern-net
    neutron_subnet:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=cloudintern
      network_name=cloudintern-net
      name=cloudintern-subnet
      cidr=172.25.0.1/12
      gateway_ip=172.25.0.1
    register: CLOUDINTERN_SUBNET_ID
  - name: Connect router's interface to the cloudintern-subnet
    neutron_router_interface:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=cloudintern
      router_name="ext-to-cloudintern"
      subnet_name="cloudintern-subnet"

  # Copr network
  - name: Create a router for copr
    neutron_router:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=copr
      name=ext-to-copr
    register: ROUTER_ID
  - name: Connect router's gateway to the external network
    neutron_router_gateway:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      router_name="ext-to-copr"
      network_name="external"
  - name: Create a private network for copr
    neutron_network:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=copr
      name=copr-net
  - name: Create a subnet in the copr-net
    neutron_subnet:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=copr
      network_name=copr-net
      name=copr-subnet
      cidr=172.30.0.1/12
      gateway_ip=172.30.0.1
    register: COPR_SUBNET_ID
  - name: Connect router's interface to the copr-subnet
    neutron_router_interface:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=copr
      router_name="ext-to-copr"
      subnet_name="copr-subnet"

  # infrastructure network
  - name: Create a router for infrastructure
    neutron_router:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=infrastructure
      name=ext-to-infrastructure
    register: ROUTER_ID
  - name: Connect router's gateway to the external network
    neutron_router_gateway:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      router_name="ext-to-infrastructure"
      network_name="external"
  - name: Create a private network for infrastructure
    neutron_network:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=infrastructure
      name=infrastructure-net
  - name: Create a subnet in the infrastructure-net
    neutron_subnet:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=infrastructure
      network_name=infrastructure-net
      name=infrastructure-subnet
      cidr=172.26.0.1/12
      gateway_ip=172.26.0.1
    register: INFRASTRUCTURE_SUBNET_ID
  - name: Connect router's interface to the infrastructure-subnet
    neutron_router_interface:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=infrastructure
      router_name="ext-to-infrastructure"
      subnet_name="infrastructure-subnet"

  # persistent network
  - name: Create a router for persistent
    neutron_router:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=persistent
      name=ext-to-persistent
    register: ROUTER_ID
  - name: Connect router's gateway to the external network
    neutron_router_gateway:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      router_name="ext-to-persistent"
      network_name="external"
  - name: Create a private network for persistent
    neutron_network:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=persistent
      name=persistent-net
  - name: Create a subnet in the persistent-net
    neutron_subnet:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=persistent
      network_name=persistent-net
      name=persistent-subnet
      cidr=172.27.0.1/12
      gateway_ip=172.27.0.1
    register: PERSISTENT_SUBNET_ID
  - name: Connect router's interface to the persistent-subnet
    neutron_router_interface:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=persistent
      router_name="ext-to-persistent"
      subnet_name="persistent-subnet"

  # transient network
  - name: Create a router for transient
    neutron_router:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=transient
      name=ext-to-transient
    register: ROUTER_ID
  - name: Connect router's gateway to the external network
    neutron_router_gateway:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      router_name="ext-to-transient"
      network_name="external"
  - name: Create a private network for transient
    neutron_network:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=transient
      name=transient-net
  - name: Create a subnet in the transient-net
    neutron_subnet:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=transient
      network_name=transient-net
      name=transient-subnet
      cidr=172.28.0.1/12
      gateway_ip=172.28.0.1
    register: TRANSIENT_SUBNET_ID
  - name: Connect router's interface to the transient-subnet
    neutron_router_interface:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=transient
      router_name="ext-to-transient"
      subnet_name="transient-subnet"

  # scratch network
  - name: Create a router for scratch
    neutron_router:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=scratch
      name=ext-to-scratch
    register: ROUTER_ID
  - name: Connect router's gateway to the external network
    neutron_router_gateway:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      router_name="ext-to-scratch"
      network_name="external"
  - name: Create a private network for scratch
    neutron_network:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=scratch
      name=scratch-net
  - name: Create a subnet in the scratch-net
    neutron_subnet:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=scratch
      network_name=scratch-net
      name=scratch-subnet
      cidr=172.29.0.1/12
      gateway_ip=172.29.0.1
    register: SCRATCH_SUBNET_ID
  - name: Connect router's interface to the scratch-subnet
    neutron_router_interface:
      login_username="admin" login_password="{{ ADMIN_PASS }}" login_tenant_name="admin"
      tenant_name=scratch
      router_name="ext-to-scratch"
      subnet_name="scratch-subnet"



################
# Copr
# ##############
  - name: Copr - Create 'ssh-anywhere' security group
    neutron_sec_group:
      login_username: "admin"
      login_password: "{{ ADMIN_PASS }}"
      login_tenant_name: "admin"
      state: "present"
      name: 'ssh-anywhere'
      description: "allow ssh from anywhere"
      tenant_name: "copr"
      rules:
        - direction: "ingress"
          port_range_min: "22"
          port_range_max: "22"
          ethertype: "IPv4"
          protocol: "tcp"
          remote_ip_prefix: "0.0.0.0/0"

  - name: Copr - Create 'ssh-internal' security group
    neutron_sec_group:
      login_username: "admin"
      login_password: "{{ ADMIN_PASS }}"
      login_tenant_name: "admin"
      state: "present"
      name: 'ssh-internal'
      description: "allow ssh from copr-network"
      tenant_name: "copr"
      rules:
        - direction: "ingress"
          port_range_min: "22"
          port_range_max: "22"
          ethertype: "IPv4"
          protocol: "tcp"
          remote_ip_prefix: "172.30.0.1/12"
